PRIOn knowledge base: PRION:CVE-2020-6096
History: Apr 01, 2020 - 10:15 p.m.

Design/Logic Flaw

PRIOn knowledge base
www.prio-n.com
9

AI Score: 8
Confidence: High
EPSS: 0.074
Percentile: 94.1%

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the ‘num’ parameter results in a signed comparison vulnerability. If an attacker underflows the ‘num’ parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows program execution to continue in scenarios where a segmentation fault or crash should have occurred. The danger is that subsequent execution and iterations of this code will run with this corrupted data.
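How a caller ends up passing such a ‘num’, and a guard that rejects it before memcpy() is reached, shown as an added C example (not glibc's code and not part of the original entry). The record layout, HDR_LEN and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record format: 4-byte header followed by the payload. */
#define HDR_LEN ((size_t)4)

/* Unsigned subtraction wraps: a declared length smaller than the header
 * yields a value close to SIZE_MAX instead of a negative number. */
size_t payload_len_unchecked(size_t declared_len) {
    return declared_len - HDR_LEN;
}

/* True when the top bit is set, i.e. when a signed comparison would
 * treat the length as negative (the condition described for 'num'). */
int reads_as_negative(size_t num) {
    return num > (size_t)PTRDIFF_MAX;
}

/* Hypothetical guard: refuse lengths that exceed the destination or that
 * a signed comparison would misread, before memcpy() ever sees them. */
int checked_copy(void *dst, size_t dst_cap, const void *src, size_t num) {
    if (num > dst_cap || reads_as_negative(num))
        return -1;
    memcpy(dst, src, num);
    return 0;
}

/* Validate the declared length first so the subtraction cannot wrap. */
int copy_payload(uint8_t *dst, size_t dst_cap,
                 const uint8_t *rec, size_t rec_avail, size_t declared_len) {
    if (declared_len < HDR_LEN || declared_len > rec_avail)
        return -1;
    return checked_copy(dst, dst_cap, rec + HDR_LEN, declared_len - HDR_LEN);
}
```

Checking the length at the call site keeps the program's behavior independent of which memcpy() implementation the target links against.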

CPE Name        Operator   Version
debian_linux    eq         10.0
fedora          eq         31
fedora          eq         32
glibc           le         2.31